What FQDN to register in ISP DNS RRS feed

  • Question

  • Hi,

    Have followed the notorious article: http://www.ssl-vpn.de/wiki/Default.aspx?Page=How%20to%20integrate%20the%20IAG%20portal%20into%20Sharepoint&Aspx, this is what we have:

    HTTPS trunk name: Finance

    trunk FQDN: uag.company.com

    external trunk IP: 192.168.1.1

    internal IP of UAG: 1.1.1.1

    we have also published a SharePoint site (demo.company.com) with the UAG webpart in a frame.

    the SPS webpart then should be http://1.1.1.1:6001/SecureFinancePortalHomePage/MainFrame.aspx

     

    When connecting from the Internet, the webpart does NOT render - UNLESS I add the following entry to the Internet client's HOSTS file:

    192.168.1.1 uag.company.com

     

    So - can someone please confirm this - the SPS webpart will not work unless we can also resolve the trunk's FQDN on the Internet?

    The fact that the webpart fetches from the INTERNAL IP address of UAG kind of makes one think that the trunk FQDN is not used....but obviously it is?

     

    Another scenario:

    We have published RemoteApp via UAG - and when the RemoteApp window pops up, it lists what the end RD server name is (security risk) and also what the RD Gateway computer is (and here again it uses the FQDN of the UAG trunk).

    Comments anyone?

    Friday, April 30, 2010 9:06 AM

All replies

  • Hi S,

    Just want to check things out here - have you reversed your internal and external addresses in your explanation above?

    Thanks!

    Tom


    MS ISDUA/UAG DA Anywhere Access Team
    Friday, April 30, 2010 12:43 PM
  • It's correct, I just used random IPs for the explanation....192.168.x.y is external (Internet) and 1.1.x.y is internal (intranet)

    I have resorted to using this as the webpart: http://externalFQDNname/uniqueID/SecuretrunknamePortalHomePage/MainFramex.aspx

    where externalFQDNname is the name of the externally published SharePoint application....and when it loads slowly, I can actually see in the bottom of the browser that it calls the UAG Trunk FQDN....

    hence my question of which FQDN do I need to register in ISP DNS?

    Friday, April 30, 2010 12:47 PM
  • UAG.Company.com is the one you need to register at your ISP DNS
    Martijn B.
    • Marked as answer by Erez Benari Tuesday, May 4, 2010 12:11 AM
    Monday, May 3, 2010 6:28 AM
  • So you concur that in addition to any public website URLs, we need to also register the Trunk name.
    Monday, May 3, 2010 6:36 AM
  • Finally found something useful:

    In HTTPS trunks, we recommend that both the public host name of the trunk and the public host name of the application should be included on the server certificate used by the trunk.  Alternatively you can use a wildcard certificate. You can use names that do not match the certificate. In this case, ignore the certificate warning that pops up during trunk configuration. If names do not match, connecting endpoints will be presented with a browser warning that there might be a problem with the website’s security certificate, and must choose to continue for site access.

    http://blogs.technet.com/edgeaccessblog/archive/2010/01/15/what-happened-to-basic-and-webmail-trunks.aspx

     

    • Marked as answer by D Wind Tuesday, May 4, 2010 8:42 AM
    Tuesday, May 4, 2010 8:42 AM
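
The certificate guidance quoted in the last reply can be checked before a trunk goes live. The following is an added example, not part of the original thread or of any UAG tooling: it tests whether a certificate's DNS names cover both the trunk host name and the published application host name from the question, using constructed SAN lists and a hypothetical helper `uncovered_hosts`.

```python
"""Added example: check that a trunk certificate covers every public host name."""


def san_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: a wildcard is accepted only as the whole
    left-most label and stands for exactly one label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Require at least two fixed labels so "*.com" never matches.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered_hosts(san_dns_names, public_hosts):
    """Return the public host names that no SAN entry covers, i.e. the
    names for which connecting clients would see a certificate warning."""
    return [h for h in public_hosts
            if not any(san_matches(s, h) for s in san_dns_names)]


# Host names from the question: the trunk and the published SharePoint site.
PUBLIC_HOSTS = ["uag.company.com", "demo.company.com"]

# Constructed SAN lists (not read from any real certificate).
CERT_TRUNK_ONLY = ["uag.company.com"]
CERT_BOTH_NAMES = ["uag.company.com", "demo.company.com"]
CERT_WILDCARD = ["*.company.com"]

if __name__ == "__main__":
    for label, sans in [("trunk only", CERT_TRUNK_ONLY),
                        ("both names", CERT_BOTH_NAMES),
                        ("wildcard", CERT_WILDCARD)]:
        missing = uncovered_hosts(sans, PUBLIC_HOSTS)
        status = "OK" if not missing else "warning for " + ", ".join(missing)
        print(f"{label:10s} -> {status}")
```

A wildcard entry covers exactly one label, so `*.company.com` covers both names used in this thread but would not cover a deeper name such as `portal.uag.company.com`.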